Penetration tests come in a wide variety of sizes and scopes, so the well-equipped penetration tester needs a correspondingly large variety of tools at her disposal. The “Penetration Tester’s Open Source Toolkit”, Third Edition is an excellent overview of the most commonly used tools, and could serve as a checklist for developing a well-stocked armamentarium. There is not room to discuss each tool in great depth, but the reader can find many possibilities for further experimentation and research herein.
Each chapter follows a similar structure, making it easy to find what you need. Core concepts, targets and tools are discussed, and at the end of each chapter there is a case study, which shows the tools in action. The case study is then followed by a hands-on challenge for the reader. There is no answer key or solution for the challenges since they are relatively open-ended – the reader is left to take them as far as she would like.
The first chapter includes a good list of live CDs and prebuilt software kits, along with tools for creating your own if the listed ones don’t meet your needs. BackTrack is included of course, as is Katana, the Samurai Web Testing Framework, and several others which deserve greater awareness in the community. The chapter also lists a number of compilations which could be used as targets for the tools, such as the Mutillidae application, the Damn Vulnerable Web Application, the De-ICE.net tools, and others. This chapter is a very nice setup for the follow-on sections which cover the different stages of penetration testing.
The second chapter covers reconnaissance, and is justifiably the longest chapter in the book. Time spent in this phase of pen testing is generally very worthwhile; there is much useful information that can be obtained, and there is no risk of alerting the target organization by “touching” their assets too soon. Appropriately, the author warns more than once to make sure that scope is well defined, and that all parties are clear on what areas are in and out of scope. (The actual work of scoping and contracting an engagement is beyond the scope of this book.)
The author does a good job of introducing and discussing core concepts, and giving specific use examples. Considerable time is spent on DNS, and tools which can use DNS information for footprinting. Interestingly, “human reconnaissance” is mentioned in this chapter as well. By this, the author means exploration of relationships between humans, as revealed by information available in open sources, not the more conventional social engineering activities.
The next step after reconnaissance is scanning and enumeration, and the author discusses several kinds of information and how to obtain them, from open ports to services like NetBIOS, banner grabbing and OS fingerprinting. The more common tools are mentioned briefly – there is not sufficient room to cover the depth of capabilities of a tool like nmap, for instance.
Once the tester has tools in hand and has reconnoitered and footprinted the target organization, the fun part starts. The main part of the book consists of six chapters of attack types, including client side attacks, wireless attacks, network device attacks, database attacks and others. Again, for each section, the chapter covers core concepts, tools which illustrate and exploit the concepts, a case study illustrating tool usage, and an open-ended challenge for the reader. These chapters provide great examples of the sort of challenges that can be encountered during a penetration test, and practice for how to address them.
The last chapter of the book is literally an exercise for the reader – constructing a penetration testing lab to test the tools covered in the book, and build skills. Virtualization is covered briefly, different types of labs – internal vs external – are discussed, and then the reader is given the hands-on challenge to build a lab and start learning by doing.
The Penetration Tester’s Open Source Toolkit is an excellent resource for someone who is looking for a compact, organized discussion of the most common tools, the situations in which they are useful, and an overview of basic usage. Readers who build their own labs and dig further will gain very useful expertise as well as a well-stocked toolkit!